NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/redis: security bump to v7.0.11

Browse Source 
From the release notes
(see https://github.com/redis/redis/blob/7.0/00-RELEASENOTES):

================================================================================
Redis 7.0.11 Released Mon Apr 17 16:00:00 IST 2023
================================================================================

Upgrade urgency: SECURITY, contains fixes to security issues.

Security Fixes:
* (CVE-2023-28856) Authenticated users can use the HINCRBYFLOAT command to create
  an invalid hash field that will crash Redis on access

...

================================================================================
Redis 7.0.10 Released Mon Mar 20 16:00:00 IST 2023
================================================================================

Upgrade urgency: SECURITY, contains fixes to security issues.

Security Fixes:
* (CVE-2023-28425) Specially crafted MSETNX command can lead to assertion and denial-of-service

...

================================================================================
Redis 7.0.9 Released Tue Feb 28 12:00:00 IST 2023
================================================================================

Upgrade urgency: SECURITY, contains fixes to security issues.

Security Fixes:
* (CVE-2023-25155) Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD
  commands can trigger an integer overflow, resulting in a runtime assertion
  and termination of the Redis server process.
* (CVE-2022-36021) String matching commands (like SCAN or KEYS) with a specially
  crafted pattern to trigger a denial-of-service attack on Redis, causing it to
  hang and consume 100% CPU time.

...

================================================================================
Redis 7.0.8 Released Mon Jan 16 12:00:00 IDT 2023
================================================================================

Upgrade urgency: SECURITY, contains fixes to security issues.

Security Fixes:
* (CVE-2022-35977) Integer overflow in the Redis SETRANGE and SORT/SORT_RO
  commands can drive Redis to OOM panic
* (CVE-2023-22458) Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER
  commands can lead to denial-of-service

...

Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Titouan Christophe 2023-06-05 08:24:51 +02:00 committed by Peter Korsgaard
parent 25e485f462
commit c29bf1d2db
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
package/redis/redis.hash
View File

@ -1,5 +1,5 @@
# From https://github.com/redis/redis-hashes/blob/master/README
sha256 8d327d7e887d1bb308fc37aaf717a0bf79f58129e3739069aaeeae88955ac586 redis-7.0.7.tar.gz
sha256 ce250d1fba042c613de38a15d40889b78f7cb6d5461a27e35017ba39b07221e3 redis-7.0.11.tar.gz
# Locally calculated
sha256 97f0a15b7bbae580d2609dad2e11f1956ae167be296ab60f4691ab9c30ee9828 COPYING

2
package/redis/redis.mk
View File

@ -4,7 +4,7 @@
#
################################################################################
REDIS_VERSION = 7.0.7
REDIS_VERSION = 7.0.11
REDIS_SITE = http://download.redis.io/releases
REDIS_LICENSE = BSD-3-Clause (core); MIT and BSD family licenses (Bundled components)
REDIS_LICENSE_FILES = COPYING